Scanning HTTPS (SSL) traffic

This article provides information about scanning HTTPS (SSL) traffic by using F-Secure Internet Gatekeeper for Linux.

Because HTTPS (SSL) traffic is encrypted, F-Secure Internet Gatekeeper for Linux cannot scan the contents of files transferred over it. However, with the setups described in this article, HTTPS (SSL) transactions can still be handled.

To protect internal clients

If you use this product to protect internal clients, it can handle HTTPS transfers. However, because the data is transferred in encrypted form, its contents cannot be scanned. In this case, traffic between the product and the client is SSL over an HTTP proxy, using the CONNECT method defined in RFC 2817.

If you use this product to scan connections to specific web servers, the scan must take place after SSL decryption. Place the product between the web server and the SSL proxy/SSL accelerator, and run the product as a reverse proxy to scan the traffic. In this case, the connection flow is the following:

The Apache SSL proxy, this product, and the web server can also be placed on separate servers. If you use Apache as an SSL proxy, the following configuration (as an example) can be added to the Apache configuration file:
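
As an added illustration (not the listing from the original article), a minimal Apache virtual host that terminates SSL and hands the decrypted requests to the product could look like the following. The server name, certificate paths, and the product's listening address `127.0.0.1:9080` are assumptions; substitute the values used in your installation.

```apache
# Added example; host name, file paths and ports below are assumptions.
# Requires mod_ssl, mod_proxy and mod_proxy_http to be loaded.
<VirtualHost *:443>
    ServerName www.example.com

    # Terminate SSL here so the product receives plain HTTP it can scan.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/www.example.com.key

    # Act only as a reverse proxy, never as an open forward proxy.
    ProxyRequests Off
    # Pass the original Host header through to the product and web server.
    ProxyPreserveHost On

    # Forward decrypted requests to the product (assumed 127.0.0.1:9080),
    # which runs as a reverse proxy in front of the web server.
    ProxyPass        / http://127.0.0.1:9080/
    ProxyPassReverse / http://127.0.0.1:9080/
</VirtualHost>
```

Because the hop from Apache to the product, and from the product to the web server, is unencrypted HTTP, keep it on the loopback interface or a trusted network segment when the components run on separate servers.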